Cross-site Scripting
Cross-site scripting (XSS) vulnerability in http-file-server allows an attacker with access to the server file system to execute arbitrary JavaScript code in victim's browser.
Advisories for Npm/Http-File-Server package
2019
Path Traversal
A path traversal vulnerability of the http-file-server npm module allows attackers to list files in arbitrary folders.